[BACK]Return to 64.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/64.html between version 1.57 and 1.58

version 1.57, 2018/10/14 19:34:34 version 1.58, 2018/10/14 22:50:28
Line 195 
Line 195 
         process to the specified files and directories.  It is most          process to the specified files and directories.  It is most
         powerful when properly combined with privilege separation          powerful when properly combined with privilege separation
         and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.          and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>.
       <li>Implemented MAP_STACK option for
           <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>.
           At pagefaults and syscalls the kernel will check that the
           stack pointer points to MAP_STACK memory, which mitigates
           against attacks using stack pivots.
     <li>New RETGUARD security mechanism on amd64 and arm64:      <li>New RETGUARD security mechanism on amd64 and arm64:
         use per-function random cookies to protect access to function          use per-function random cookies to protect access to function
         return instructions, making them harder to use in ROP gadgets.          return instructions, making them harder to use in ROP gadgets.
       <li><a href="https://man.openbsd.org/clang-local.1">clang(1)</a>
           includes a pass which identifies common instructions which
           may be useful in ROP gadgets and replaces them with safe
           alternatives on amd64 and i386.
       <li>The Retpoline mitigation against Spectre Variant 2 has been
           enabled in <a href="https://man.openbsd.org/clang.1">clang(1)</a>
           and in assembly files on amd64.
     <li>Simultaneous multithreading (SMT) is now disabled by default      <li>Simultaneous multithreading (SMT) is now disabled by default
         and can be enabled with the new <code>hw.smt</code>          and can be enabled with the new <code>hw.smt</code>
         <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable.          <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable.
Legend:
Removed from v.1.57  
changed lines
  Added in v.1.58